• Title/Summary/Keyword: Attack detection techniques

Search Result 146, Processing Time 0.018 seconds

A Study on Multi-level Attack Detection Technique based on Profile Table (프로파일 기반 다단계 공격 탐지 기법에 관한 연구)

  • Yang, Hwan Seok
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.10 no.4
    • /
    • pp.89-96
    • /
    • 2014
  • MANET has been applied to a wide variety of areas because it has advantages which can build a network quickly in a difficult situation to build a network. However, it is become a victim of malicious nodes because of characteristics such as mobility of nodes consisting MANET, limited resources, and the wireless network. Therefore, it is required to lightweight attack detection technique which can accurately detect attack without causing a large burden to the mobile node. In this paper, we propose a multistage attack detection techniques that attack detection takes place in routing phase and data transfer phase in order to increase the accuracy of attack detection. The proposed attack detection technique is composed of four modules at each stage in order to perform accurate attack detection. Flooding attack and packet discard or modify attacks is detected in the routing phase, and whether the attack by modification of data is detected in the data transfer phase. We assume that nodes have a public key and a private key in pairs in this paper.

A Study on Attack Detection using Hierarchy Architecture in Mobile Ad Hoc Network (MANET에서 계층 구조를 이용한 공격 탐지 기법 연구)

  • Yang, Hwan Seok
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.10 no.2
    • /
    • pp.75-82
    • /
    • 2014
  • MANET has various types of attacks. In particular, routing attacks using characteristics of movement of nodes and wireless communication is the most threatening because all nodes which configure network perform a function of router which forwards packets. Therefore, mechanisms that detect routing attacks and defense must be applied. In this paper, we proposed hierarchical structure attack detection techniques in order to improve the detection ability against routing attacks. Black hole detection is performed using PIT for monitoring about control packets within cluster and packet information management on the cluster head. Flooding attack prevention is performed using cooperation-based distributed detection technique by member nodes. For this, member node uses NTT for information management of neighbor nodes and threshold whether attack or not receives from cluster head. The performance of attack detection could be further improved by calculating at regular intervals threshold considering the total traffic within cluster in the cluster head.

The Bayesian Framework based on Graphics for the Behavior Profiling (행위 프로파일링을 위한 그래픽 기반의 베이지안 프레임워크)

  • 차병래
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.14 no.5
    • /
    • pp.69-78
    • /
    • 2004
  • The change of attack techniques paradigm was begun by fast extension of the latest Internet and new attack form appearing. But, Most intrusion detection systems detect only known attack type as IDS is doing based on misuse detection, and active correspondence is difficult in new attack. Therefore, to heighten detection rate for new attack pattern, the experiments to apply various techniques of anomaly detection are appearing. In this paper, we propose an behavior profiling method using Bayesian framework based on graphics from audit data and visualize behavior profile to detect/analyze anomaly behavior. We achieve simulation to translate host/network audit data into BF-XML which is behavior profile of semi-structured data type for anomaly detection and to visualize BF-XML as SVG.

A Novel Framework for APT Attack Detection Based on Network Traffic

  • Vu Ngoc Son
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.1
    • /
    • pp.52-60
    • /
    • 2024
  • APT (Advanced Persistent Threat) attack is a dangerous, targeted attack form with clear targets. APT attack campaigns have huge consequences. Therefore, the problem of researching and developing the APT attack detection solution is very urgent and necessary nowadays. On the other hand, no matter how advanced the APT attack, it has clear processes and lifecycles. Taking advantage of this point, security experts recommend that could develop APT attack detection solutions for each of their life cycles and processes. In APT attacks, hackers often use phishing techniques to perform attacks and steal data. If this attack and phishing phase is detected, the entire APT attack campaign will be crash. Therefore, it is necessary to research and deploy technology and solutions that could detect early the APT attack when it is in the stages of attacking and stealing data. This paper proposes an APT attack detection framework based on the Network traffic analysis technique using open-source tools and deep learning models. This research focuses on analyzing Network traffic into different components, then finds ways to extract abnormal behaviors on those components, and finally uses deep learning algorithms to classify Network traffic based on the extracted abnormal behaviors. The abnormal behavior analysis process is presented in detail in section III.A of the paper. The APT attack detection method based on Network traffic is presented in section III.B of this paper. Finally, the experimental process of the proposal is performed in section IV of the paper.

Attack Categorization based on Web Application Analysis (웹 어플리케이션 특성 분석을 통한 공격 분류)

  • 서정석;김한성;조상현;차성덕
    • Journal of KIISE:Information Networking
    • /
    • v.30 no.1
    • /
    • pp.97-116
    • /
    • 2003
  • Frequency of attacks on web services and the resulting damage continue to grow as web services become popular. Techniques used in web service attacks are usually different from traditional network intrusion techniques, and techniques to protect web services are badly needed. Unfortunately, conventional intrusion detection systems (IDS), especially those based on known attack signatures, are inadequate in providing reasonable degree of security to web services. An application-level IDS, tailored to web services, is needed to overcome such limitations. The first step in developing web application IDS is to analyze known attacks on web services and characterize them so that anomaly-based intrusion defection becomes possible. In this paper, we classified known attack techniques to web services by analyzing causes, locations where such attack can be easily detected, and the potential risks.

Detection of System Abnormal State by Cyber Attack (사이버 공격에 의한 시스템 이상상태 탐지 기법)

  • Yoon, Yeo-jeong;Jung, You-jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.5
    • /
    • pp.1027-1037
    • /
    • 2019
  • Conventional cyber-attack detection solutions are generally based on signature-based or malicious behavior analysis so that have had difficulty in detecting unknown method-based attacks. Since the various information occurring all the time reflects the state of the system, by modeling it in a steady state and detecting an abnormal state, an unknown attack can be detected. Since a variety of system information occurs in a string form, word embedding, ie, techniques for converting strings into vectors preserving their order and semantics, can be used for modeling and detection. Novelty Detection, which is a technique for detecting a small number of abnormal data in a plurality of normal data, can be performed in order to detect an abnormal condition. This paper proposes a method to detect system anomaly by cyber attack using embedding and novelty detection.

Attack Path and Intention Recognition System for detecting APT Attack (APT 공격 탐지를 위한 공격 경로 및 의도 인지 시스템)

  • Kim, Namuk;Eom, Jungho
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.16 no.1
    • /
    • pp.67-78
    • /
    • 2020
  • Typical security solutions such as intrusion detection system are not suitable for detecting advanced persistent attack(APT), because they cannot draw the big picture from trivial events of security solutions. Researches on techniques for detecting multiple stage attacks by analyzing the correlations between security events or alerts are being actively conducted in academic field. However, these studies still use events from existing security system, and there is insufficient research on the structure of the entire security system suitable for advanced persistent attacks. In this paper, we propose an attack path and intention recognition system suitable for multiple stage attacks like advanced persistent attack detection. The proposed system defines the trace format and overall structure of the system that detects APT attacks based on the correlation and behavior analysis, and is designed with a structure of detection system using deep learning and big data technology, etc.

An Empirical Comparison Study on Attack Detection Mechanisms Using Data Mining (데이터 마이닝을 이용한 공격 탐지 메커니즘의 실험적 비교 연구)

  • Kim, Mi-Hui;Oh, Ha-Young;Chae, Ki-Joon
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.31 no.2C
    • /
    • pp.208-218
    • /
    • 2006
  • In this paper, we introduce the creation methods of attack detection model using data mining technologies that can classify the latest attack types, and can detect the modification of existing attacks as well as the novel attacks. Also, we evaluate comparatively these attack detection models in the view of detection accuracy and detection time. As the important factors for creating detection models, there are data, attribute, and detection algorithm. Thus, we used NetFlow data gathered at the real network, and KDD Cup 1999 data for the experiment in large quantities. And for attribute selection, we used a heuristic method and a theoretical method using decision tree algorithm. We evaluate comparatively detection models using a single supervised/unsupervised data mining approach and a combined supervised data mining approach. As a result, although a combined supervised data mining approach required more modeling time, it had better detection rate. All models using data mining techniques could detect the attacks within 1 second, thus these approaches could prove the real-time detection. Also, our experimental results for anomaly detection showed that our approaches provided the detection possibility for novel attack, and especially SOM model provided the additional information about existing attack that is similar to novel attack.

A Study on DDoS(Distributed Denial of Service) Attack Detection Model Based on Statistical (통계 기반 분산서비스거부(DDoS)공격 탐지 모델에 관한 연구)

  • Kook, Yoon-Ju;Kim, Yong-Ho;Kim, Jeom-Goo;Kim, Kiu-Nam
    • Convergence Security Journal
    • /
    • v.9 no.2
    • /
    • pp.41-48
    • /
    • 2009
  • Distributed denial of service attack detection for more development and research is underway. The method of using statistical techniques, the normal packets and abnormal packets to identify efficient. In this paper several statistical techniques, using a mix of various offers a way to detect the attack. To verify the effectiveness of the proposed technique, it set packet filtering on router and the proposed DDoS attacks detection method on a Linux router. In result, the proposed technique was detect various attacks and provide normal service mostly.

  • PDF

Techniques for Improving Host-based Anomaly Detection Performance using Attack Event Types and Occurrence Frequencies

  • Juyeon Lee;Daeseon Choi;Seung-Hyun Kim
    • Journal of the Korea Society of Computer and Information
    • /
    • v.28 no.11
    • /
    • pp.89-101
    • /
    • 2023
  • In order to prevent damages caused by cyber-attacks on nations, businesses, and other entities, anomaly detection techniques for early detection of attackers have been consistently researched. Real-time reduction and false positive reduction are essential to promptly prevent external or internal intrusion attacks. In this study, we hypothesized that the type and frequency of attack events would influence the improvement of anomaly detection true positive rates and reduction of false positive rates. To validate this hypothesis, we utilized the 2015 login log dataset from the Los Alamos National Laboratory. Applying the preprocessed data to representative anomaly detection algorithms, we confirmed that using characteristics that simultaneously consider the type and frequency of attack events is highly effective in reducing false positives and execution time for anomaly detection.